HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 176
Dynamic IPv4 source guard using DHCP snooping configuration example, Network requirements
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 176 highlights
# On Ten-GigabitEthernet 1/1/6, configure a static IPv4 source guard binding entry to allow only IP packets with the source MAC address of 0001-0203-0406 and the source IP address of 192.168.0.1 to pass. [SwitchB-Ten-GigabitEthernet1/1/6] ip source binding ip-address 192.168.0.1 mac-address 0001-0203-0406 [SwitchB-Ten-GigabitEthernet1/1/6] quit # Enable IPv4 source guard on port Ten-GigabitEthernet 1/1/5. [SwitchB] interface ten-gigabitEthernet 1/1/5 [SwitchB-Ten-GigabitEthernet1/1/5] ip verify source ip-address mac-address # On Ten-GigabitEthernet 1/1/5, configure a static IPv4 source guard binding entry to allow only IP packets with the source MAC address of 0001-0203-0407 and the source IP address of 192.168.0.2 to pass. [SwitchB-Ten-GigabitEthernet1/1/5] ip source binding ip-address 192.168.0.2 mac-address 0001-0203-0407 [SwitchB-Ten-GigabitEthernet1/1/5] quit 3. Verify the configuration: # Display static IPv4 source guard binding entries on Switch A. The output shows that the static IPv4 source guard binding entries are configured successfully. display ip source binding static Total entries found: 2 IP Address MAC Address Interface VLAN Type 192.168.0.1 0001-0203-0405 XGE1/1/6 N/A Static 192.168.0.3 0001-0203-0406 XGE1/1/5 N/A Static # Display static IPv4 source guard binding entries on Switch B. The output shows that the static IPv4 source guard binding entries are configured successfully. display ip source binding static Total entries found: 2 IP Address MAC Address Interface VLAN Type 192.168.0.1 0001-0203-0406 XGE1/1/6 N/A Static 192.168.0.2 0001-0203-0407 XGE1/1/5 N/A Static Dynamic IPv4 source guard using DHCP snooping configuration example Network requirements As shown in Figure 58, the host (the DHCP client) obtains an IP address from the DHCP server. Enable DHCP snooping on the switch, so that the host can obtain an IPv4 address from the valid DHCP server and the IPv4 address and the MAC address of the host can be recorded in a DHCP snooping entry. Enable dynamic IPv4 source guard on port Ten-GigabitEthernet 1/1/5 to filter received packets based on DHCP snooping entries, allowing only packets from a client that obtains an IP address from the DHCP server to pass. 167